This course is an intermediate to advanced course covering control system cybersecurity vulnerabilities, threats and mitigating controls. This course will provide hands-on analysis of control system environments allowing students to understand the environmental, operational and economic impacts of attacks like Stuxnet and supporting mitigating controls.

What are the security risks of Control System components, communication protocols and operations?

Whether the Control System is automating an industrial facility or a local amusement park roller coaster, the system was designed to operate in a physically, cyber and operationally secure domain. This domain extends throughout the facility using a combination of Programmable Logic Controllers, Programmable Automation Controllers, embedded logic controllers, Remote Terminal Units, as well as Human Machine Interfaces interlinked with one or a variety of SCADA systems and communication protocols across local and long-distance geographic regions. The risks vary from simple eavesdropping or electronic denial of service to more sophisticated asset misuse and destruction. To further compound the challenge, today there are not enough professionals with security skills to sufficiently deter, detect and defend against active threats to our critical infrastructure's control systems.

How can we progress from Control System security policy development to design, deployment, and assessment?

This course was designed to help organizations struggling with control system cybersecurity by equipping personnel with the skills needed to design, deploy, operate, and assess a control system's cybersecurity architecture. The course begins by quickly describing the risks and then introducing the participants to a customizable actuator and sensor control system trainer and programmable logic environment. This automation programming analysis creates the platform to identify logic flaws that, combined with active cyber, physical, and operational procedures, may lead to increased risk. The participants then utilize this knowledge to analyze the control system architecture through cyber, physical and operational risks including:

Control System component engineered, programmed and firmware logic flaws

Wired and wireless communication protocol analysis

Physical, cyber and operational procedures

Deterrence, detection and response to threats

The participant's knowledge is challenged through non-kinetic and kinetic analysis associated with common industry components as well as red team/blue team exercises of both physical and simulated control system environments such as Traffic Lights, Chemical Storage and Mixing, Pipelines, Robotic Arms, Heavy Rail and Power Grids.

What is critical infrastructure Control System cybersecurity?

Control Systems (Local, Distributed and SCADA systems) are used throughout the world to automate common processes. These systems need to provide reliable and safe automation for such critical infrastructures as the Bulk Electric System (BES), natural gas, oil, transportation, chemical, mining, fresh water/waste water, manufacturing, food, and defense. The critical necessities for both government and its people to survive are automated using industrial control systems. In the past decade, advances in technology have added automation that has intertwined these systems with the Internet, wireless, business networks and traditional hardware and communications protocols. Many Control Systems (CSs) are in some way electronically connected to networks of less trust, potentially even a slight distance away from the Internet. These CSs typically use vulnerable communication protocols. Many even use TCP/IP and, in specific situations, common off-the-shelf hardware and chipsets. It is paramount to the safety of our society to sufficiently understand the architecture of and protect these critical systems.

Additional Information

Laptop Provided

Each team of two participants (a Pod) is provided a training kit containing all hardware and software necessary for the course: a laptop, PLC programming software, HMI software, a customizable actuator/sensor training unit, communications network and cabling, an external wireless card, a teensyduino++, and a customized BackTrack platform. The participant is not required to bring any technology to the class; however, the participant may use their own analysis tools.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Who Should Attend

The class establishes a high-level understanding of Control System cybersecurity valuable to a wide range of professionals, whether directly in the field or responsible for compliance. The class also dives into a great deal of real-world cybersecurity applications and satisfies those who need or want to understand the inner workings of the systems as well as the programming behind industrial automation. Therefore, the class is applicable to:

Author Statement

I wrote this class so that people could understand the elements of, ethically hack and proactively defend our control systems. This course will help the participants figuratively and literally get their hands around the challenges of protecting local and geographically dispersed control environments.